Set-AzureRmNetworkSecurityRuleConfig
Sets the goal state for a network security rule configuration.
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.
Syntax
Set-AzureRmNetworkSecurityRuleConfig
-Name <String>
-NetworkSecurityGroup <PSNetworkSecurityGroup>
[-Description <String>]
[-Protocol <String>]
[-SourcePortRange <System.Collections.Generic.List`1[System.String]>]
[-DestinationPortRange <System.Collections.Generic.List`1[System.String]>]
[-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>]
[-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>]
[-SourceApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>]
[-DestinationApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>]
[-Access <String>]
[-Priority <Int32>]
[-Direction <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Set-AzureRmNetworkSecurityRuleConfig
-Name <String>
-NetworkSecurityGroup <PSNetworkSecurityGroup>
[-Description <String>]
[-Protocol <String>]
[-SourcePortRange <System.Collections.Generic.List`1[System.String]>]
[-DestinationPortRange <System.Collections.Generic.List`1[System.String]>]
[-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>]
[-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>]
[-SourceApplicationSecurityGroupId <System.Collections.Generic.List`1[System.String]>]
[-DestinationApplicationSecurityGroupId <System.Collections.Generic.List`1[System.String]>]
[-Access <String>]
[-Priority <Int32>]
[-Direction <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Description
The Set-AzureRmNetworkSecurityRuleConfig cmdlet sets the goal state for an Azure network security rule configuration.
Examples
Example 1: Change the access configuration in a network security rule
PS C:\>$nsg = Get-AzureRmNetworkSecurityGroup -Name "NSG-FrontEnd" -ResourceGroupName "TestRG"
PS C:\> $nsg | Get-AzureRmNetworkSecurityRuleConfig -Name "rdp-rule"
PS C:\> Set-AzureRmNetworkSecurityRuleConfig -Name "rdp-rule" -NetworkSecurityGroup $nsg -Access "Deny"The first command gets the network security group named NSG-FrontEnd, and then stores it in the variable $nsg. The second command uses the pipeline operator to pass the security group in $nsg to Get-AzureRmNetworkSecurityRuleConfig, which gets the security rule configuration named rdp-rule. The third command changes the access configuration of rdp-rule to Deny.
Parameters
-Access
Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.
| Type: | String |
| Accepted values: | Allow, Deny |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
| Type: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
Specifies a description for a rule configuration. The maximum size is 140 characters.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DestinationAddressPrefix
Specifies a destination address prefix. The acceptable values for this parameter are:
- A Classless Interdomain Routing (CIDR) address
- A destination IP address range
- A wildcard character (*) to match any IP address You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DestinationApplicationSecurityGroup
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
| Type: | List<T>[PSApplicationSecurityGroup] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DestinationApplicationSecurityGroupId
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DestinationPortRange
Specifies a destination port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Direction
Specifies whether a rule is evaluated for incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.
| Type: | String |
| Accepted values: | Inbound, Outbound |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specifies the name of the network security rule configuration that this cmdlet sets.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NetworkSecurityGroup
Specifies the NetworkSecurityGroup object that contains the network security rule configuration to set.
| Type: | PSNetworkSecurityGroup |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Priority
Specifies the priority of a rule configuration. The acceptable values for this parameter are:An integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Protocol
Specifies the network protocol that a rule configuration applies to. The acceptable values for this parameter are: --Tcp
- Udp
- A wildcard character (*) to match both
| Type: | String |
| Accepted values: | Tcp, Udp, * |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SourceAddressPrefix
Specifies a source address prefix. The acceptable values for this parameter are:
- A CIDR
- A source IP range
- A wildcard character (*) to match any IP address You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SourceApplicationSecurityGroup
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
| Type: | List<T>[PSApplicationSecurityGroup] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SourceApplicationSecurityGroupId
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SourcePortRange
Specifies the source port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Parameters: NetworkSecurityGroup (ByValue)